From 260c3c5344ac9e18046a47e7114ff8683aeac71d Mon Sep 17 00:00:00 2001
From: Daniel Markstedt <daniel@mindani.net>
Date: Wed, 6 May 2026 20:43:26 +0200
Subject: [PATCH] CVE-2026-44053: libatalk: remove DHCAST128 UAM from default
 configuration

Reported-by: @00redbeer
Signed-off-by: Daniel Markstedt <daniel@mindani.net>
---
 doc/manpages/man5/afp.conf.5.md | 3 +--
 libatalk/util/netatalk_conf.c   | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/doc/manpages/man5/afp.conf.5.md b/doc/manpages/man5/afp.conf.5.md
index 3bb5ca76..d2dc546c 100644
--- a/doc/manpages/man5/afp.conf.5.md
+++ b/doc/manpages/man5/afp.conf.5.md
@@ -254,8 +254,7 @@ chooser or the "connect to server" dialog.
 
 uam list = *uam list* **(G)**
 
-> Space or comma separated list of UAMs. (The default is "uams_dhx.so
-uams_dhx2.so").
+> Space or comma separated list of UAMs. (The default is "uams_dhx2.so").
 
 The most commonly used UAMs are:
 
diff --git a/libatalk/util/netatalk_conf.c b/libatalk/util/netatalk_conf.c
index 30eb7890..84e30a07 100644
--- a/libatalk/util/netatalk_conf.c
+++ b/libatalk/util/netatalk_conf.c
@@ -2596,7 +2596,7 @@ int afp_config_parse(AFPObj *AFPObj, char *processname)
     options->uampath        = getoption_strdup(config, INISEC_GLOBAL, "uam path",
                               NULL, _PATH_AFPDUAMPATH);
     options->uamlist        = getoption_strdup(config, INISEC_GLOBAL, "uam list",
-                              NULL, "uams_dhx.so uams_dhx2.so");
+                              NULL, "uams_dhx2.so");
     options->port           = getoption_strdup(config, INISEC_GLOBAL, "afp port",
                               NULL, "548");
     options->signatureopt   = getoption_strdup(config, INISEC_GLOBAL, "signature",